What is Zero Trust?

One of the most frequently mentioned terms in the world of cybersecurity during recent years, Zero Trust is a security model that assumes that no user or device can be trusted, requiring verification and authorization for each access attempt, thus reducing potential risks and minimizing the attack surface.

 

Who needs Zero Trust?

We can’t determine whether this approach is necessary or not, simply based on size of a company. No matter if you are a small business or a multinational corporation, any organization can benefit from implementing the Zero Trust model. With the increasing sophistication of cyber threats, Zero Trust offers a proactive defense strategy that protects your digital assets, customer data and intellectual property.

 

How will Zero Trust improve the operation/security of your company or organization?

By adopting the Zero Trust model, your company or organization can significantly improve its operations and security. Zero Trust model enables granular access control, continuous monitoring and real-time threat detection, strengthening resistance to data leakage, insider threats and lateral movement within your network.

 

Does Zero Trust have an alternative and why it doesn’t?

Zero Trust is not just a buzzword; it is a necessary paradigm shift in cyber security. While there may be alternative security approaches, none provide the same comprehensive and proactive protection as Zero Trust. Its focus on identity verification, segmentation and micro-segmentation ensures a strong defense against external and internal threats.

 

Three interesting facts about Zero Trust

1. Contrary to its name, Zero Trust does not imply complete distrust; it just means a rigorous checking process. Zero Trust model prioritize continuous authentication, least-privilege access, and strict access controls.
2. John Kindervag introduced Zero Trust as a security IT model back in 2010, while he was working at Forrester Research.
3. The Zero Trust model is not the only name for this approach, it is also known as Zero Trust Architecture (ZTA), Zero Trust Network Architecture (ZTNA) or Zero Trust Network Access (ZTNA).

 

Zero Trust solutions we are using

At Avola, we use the following solutions in our daily business, mapped into Zero Trust model:

• Delinea PAM
• Thales STA
• Symantec web proxy
• Trend Micro EDR
• Fortinet with its ZT portfolio: FortiClient, FortiClient EMS, FortiOS ZTNA Application Gateways and FortiAuthenticator

 

Some useful links related to Zero Trust

If you are interested in learning more about Zero Trust, based on what we have explained to you in this short series of posts over the last two months, we feel free to suggest you some useful links:

• https://csrc.nist.gov/publications/detail/sp/800-207/final
• https://www.virtualstarmedia.com/downloads/Forrester_zero_trust_DNA.pdf
• https://delinea.com/solutions/zero-trust-security-model
• https://delinea.com/blog/zero-trust